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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a), In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. . 

? the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days w.ll be cons.dered Jmely. 
: S NO above, the maximum sta/uto£ period will apply and will expire SIX (6) MONTHS from ^ ma mg date of th, s communion. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I )IE Responsive to communication(s) filed on 01 December 2004. 
2a)D This action is FINAL. 2b)[2 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) I3 Claim(s) 1-12. 14-25. and 27-34 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |3 Claim(s) 7-72. 14-25. 27-30. and 32-34 is/are rejected. 

7) |3 Claim(s) 37 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 

I I )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)DAII b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 
2.D Certified copies of the priority documents have been received in Application No. 



3D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . This action is in regards to the Amendment and Request for Reconsideration 
received on 01 December 2004. This action is NON-FINAL. Claims 1,14, and 28-30 
have been amended. Claims 13 and 26 have been canceled. Claims 31-34 have been 
added. Claims 1-12, 14-25, and 27-34 are now pending in this application. 

Response to Amendment 

2. Examiner acknowledges the amendments to claims 14-28 and 30, which now 
appears to be in conformance. The 35 U.S.C 101 rejection has been withdrawn. 

Claim Rejections - 35 USC § 103 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1 -9, 1 2, 1 4-22, 25, 27-30, and 32-34 are rejected under 35 U.S.C. 1 03(a) 
as being unpatentable over Kingsford et al. (U.S. 6,574,737), hereinafter referred to as 
Kingsford, in view of Chang et al. (U.S. 6,526,433), hereinafter referred to as Chang. 

5. Regarding claims 1,14, and 28, Kingsford teaches the use of risk assessment 
scan modules extensively (for example, see Kingsford, col. 15, line 31 - col. 17, line 
64), as well as the method of stopping a risk assessment scan based upon the 
occurrence of a predetermined event, in this case, a time-out (see Kingsford, col. 17, 
lines 29-37). While Kingsford does disclose the execution of a risk-assessment scan on 
the target from the source (col. 2, lines 35-43) and the act of performing a risk- 
assessment scan related time-out prior to making a determination that the target is 
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failing to respond to the risk-assessment (col. 17, lines 29-37), Kingsford is silent on 
how to specifically implement the predetermined event, in this case a time-out (col. 17, 
lines 29-37). However, Chang discloses the use of an adaptive time out value setting 
applicable to computer applications, including the measuring of network conditions in a 
network coupled between a source and a target (col. 2, lines 29-33) and the setting of 
the variable duration value which is set by a function of the measured network 
conditions (col. 2, lines 29-33). One of ordinary skill in the art at the time of the 
applicant's invention would have found it obvious to use the risk-assessment scan 
module method utilizing a time-out function as disclosed by Kingsford and in order to 
implement and raise the efficiency of the time-out feature, an ordinary artisan in the art 
would be motivated to use the adaptive timeout value setting for computer applications 
method as disclosed by Chang. Because of the combination, a variable duration time- 
out value is provided (see Chang, col. 2, lines 29-33) and the abandonment of a risk- 
assessment scan is implemented (see Kingsford, col. 17, lines 29-37). 
Communications between a client and a server are well known in the art, as well as the 
implementation of time-out use. Chang discloses a time-out function that reflects on 
environmental factors and communications conditions that can be applied to a wide 
range of client-server applications in which time-outs are expected to happen (see 
Chang, col. 7, lines 23-30). Kingsford, as stated above, discloses the use of a risk- 
assessment scan between a target and a source, a client/server application, in which 
Kingsford discloses is an environment where time-outs, or predetermined events, are 
expected to occur (see Kingsford, col. 17, lines 29-35). It is for these reasons that one 
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of ordinary skill in the art would be motivated to combine the risk-assessment scan 
module having the ability to stop based on a time-out as disclosed by Kingsford with the 
adaptive time-out setting for computer applications method based on environmental 
factors and communications conditions as disclosed by Chang. 

6. Regarding claims 2 and 15, in accordance with claims 1 and 14 as explained 
above, Chang discloses the network conditions including latency associated with 
communication between the source and the target (col. 2, lines 34-38 and col. 6, lines 
26-34). The same motivation that was utilized in the combination of claims 1 and 14 
above applies equally as well to claims 2 and 15. 

7. Regarding claims 3 and 16, in accordance with claims 1 and 14 as explained 
above, Chang discloses the measuring of the network conditions including the 
transmitting of a probe signal from the source to the target utilizing the network (col. 6, 
lines 26-34). The same motivation that was utilized in the combination of claims 1 and 
14 above applies equally as well to claims 3 and 16. 

8. Regarding claims 4 and 17, in accordance with claims 3 and 16 as explained 
above, Chang discloses the probe signal prompting the target to send a response signal 
to the source utilizing the network (col. 6, lines 26-34). The same motivation that was 
utilized in the combination of claims 1 and 14 above applies equally as well to claims 4 
and 17. 

9. Regarding claims 5 and 18, in accordance with claims 4 and 17 as explained 
above, Chang discloses the measurement of network conditions further including the 
reception of a response signal from a target utilizing the network (col. 6, lines 26-34). 



Application/Control Number: 09/895,536 Page 5 

Art Unit: 2142 

The same motivation that was utilized in the combination of claims 1 and 14 above 
applies equally as well to claims 5 and 18. 

10. Regarding claims 6 and 19, in accordance with claims 5 and 18 as explained 
above, Chang discloses the measurement of network conditions further including the 
measurement of a response duration between the transmission of the probe signal and 
the receipt of the response signal (col. 6, lines 26-34). The same motivation that was 
utilized in the combination of claims 1 and 14 above applies equally as well to claims 6 
and 19. 

1 1 . Regarding claims 7 and 20, in accordance with claims 6 and 1 9 as explained 
above, Chang discloses the method wherein the time-out is set as a function of the 
response duration (col. 6, lines 35-51). The same motivation that was utilized in the 
combination of claims 1 and 14 above applies equally as well to claims 7 and 20. 

12. Regarding claims 8 and 21 , in accordance with claims 1 and 14 as explained 
above, Chang discloses the method wherein the time-out is set by adding a default 
value with a variable value which is set as a function of the measured network 
conditions (col. 1 , lines 27-30, col. 6, lines 22-25, and col. 6, line 49 - col. 7, line 5). 
The same motivation that was utilized in the combination of claims 1 and 14 above 
applies equally as well to claims 8 and 21 . 

13. Regarding claims 9 and 22, in accordance with claims 1 and 14 as explained 
above, Chang discloses the method wherein the time-out is set by multiplying a default 
value with a variable factor which is set as a function of the measured network 
conditions (col. 1, lines 27-30, col. 6, lines 22-25, and col. 6, line 49 - col. 7, line 5). 



Application/Control Number: 09/895,536 Page 6 

Art Unit: 2142 

The same motivation that was utilized in the combination of claims 1 and 14 above 
applies equally as well to claims 9 and 22. 

14. Regarding claims 12 and 25, in accordance with claims 1 and 14 as explained 
above, Chang discloses the method further comprising storing a result of the 
measurement of the network conditions (col. 6, lines 30-34). The same motivation that 
was utilized in the combination of claims 1 and 14 above applies equally as well to 
claims 12 and 25 

15. Regarding claim 27, in accordance with claim 14 as explained above, Chang 
discloses the product wherein the network conditions are measured for a network 
segment, and the measured network conditions are used to set the timeout for a 
plurality of targets located on the network segment (col. 2, lines 29-33 and lines 43-47). 
The same motivation that was utilized in the combination of claim 14 above applies 
equally as well to claim 27. 

16. Claims 29 and 30 contain identical limitations as disclosed in claims 1, 3, 5, 6 
and 10, and are rejected under the same rationale. 

17. Regarding claim 32, in accordance with claim 1 as explained above, Chang 
discloses the method wherein the timeout is set utilizing a plurality of network condition 
probes that gather multiple network condition measurements on a single target (col. 2, 
lines 29-33). 

18. Regarding claim 33, in accordance with claim 1 as explained above, Chang 
discloses the method wherein the measured network conditions are measured for an 
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entire network segment on which a plurality of target components is located (col. 2, lines 
29-33 and lines 43-47). 

19. Regarding claim 34, in accordance with claim 1 as explained above, Chang 
discloses the method wherein the source is capable of reducing a latency of the risk- 
assessment scan by setting the variable duration to a minimum value, while avoiding 
the abandonment of vulnerable systems reachable over high latency networks by 
increasing the variable duration to accommodate such scenarios (see Fig. 4 and col. 5, 
lines 49-56). 

20. Claims 1 0-1 1 and 23-24 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Kingsford. 

21 . Regarding claims 10 and 23, in accordance with claims 1 and 14, respectively, 
Kingsford discloses the method wherein executing the risk-assessment scan includes 
executing a plurality of risk-assessment scan modules (see Abstract). 

22. Regarding claims 1 1 and 24, in accordance with claims 10 and 23 as explained 
above, Kingsford discloses the timeout being performed for each of the risk-assessment 
modules (col. 17, lines 29-37). 

Allowable Subject Matter 

23. Claim 31 is objected to as being dependent upon a rejected base claim, but 
would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims. 
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Response to Arguments 

24. Applicant's arguments with respect to the claims have been considered but are 
moot in view of the new ground(s) of rejection. Because new grounds of rejection are 
being applied against substantively unamended claims, this action is NON-FINAL. 

Conclusion 

25. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin A. Ailes, whose telephone number is 
(571)272-3899. The examiner can normally be reached on Monday-Friday (7:30-5). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jack Harvey can be reached at (571)272-3896. The fax phone number for 
the organization where this application or proceeding is assigned is (703)872-3906. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). 

Communications via Internet e-mail regarding this application, other than those 
under 35 U.S.C. 132 or which otherwise require a signature, may be used by the 
applicant and should be addressed to [benjamin.ailes@uspto.gov]. 
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All Internet e-mail communications will be made of record in the application file. 
PTO employees do not engage in Internet communications where there exists a 
possibility that sensitive information could be identified or exchanged unless the record 
includes a properly signed express waiver of the confidentiality requirements of 35 
U.S.C. 122. This is more clearly set forth in the Interim Internet Usage Policy published 
in the Official Gazette of the Patent and Trademark on February 25, 1997 at 1 1 95 OG 



89. 



Benjamin Ailes 
Patent Examiner 
Art Unit 2142 




